Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231332e302f32342d3234203d3e20383334.roa
File:                     3130392e3233342e3231332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          6G42EwHdEoAwbnJ3IZ/cPbKfDhqaAeHYm8qiXEKXkEE=
Subject key identifier:   30:B3:5B:34:24:0A:4B:08:A4:8E:C6:78:08:0E:65:D3:B0:07:76:CA
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       564AD956607EABC7722DDEDE35A77AAAF6D6879E
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231332e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:04 +0000
ROA not before:           Sat 25 Jan 2025 13:39:04 +0000
ROA not after:            Sat 24 Jan 2026 13:44:04 +0000
asID:                     834
IP address blocks:        109.234.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:4a:d9:56:60:7e:ab:c7:72:2d:de:de:35:a7:7a:aa:f6:d6:87:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:04 2025 GMT
            Not After : Jan 24 13:44:04 2026 GMT
        Subject: CN=30B35B34240A4B08A48EC678080E65D3B00776CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c3:34:c8:59:55:1a:8e:a6:00:06:f2:ee:d9:
                    9c:7a:ab:4c:0b:e9:14:e1:c8:ef:95:d2:bd:5d:48:
                    a9:eb:d4:9f:a2:d7:db:6e:cb:55:e8:c4:3f:e7:1d:
                    25:d6:80:7c:df:9d:6d:01:65:c0:9b:0d:3e:05:ff:
                    8d:66:82:80:62:5b:d6:f1:11:87:f1:35:21:7e:e6:
                    d8:db:be:42:c1:47:25:1d:6b:ae:26:3d:5d:13:50:
                    c0:f4:58:3a:86:93:a1:68:2c:fe:35:a9:f0:97:27:
                    f6:be:e7:bb:71:74:37:cf:ef:8e:29:62:4f:58:e3:
                    4b:b4:85:b2:4e:5b:28:d0:2c:54:bc:82:fc:32:c2:
                    2d:0c:ac:ee:04:a0:c5:40:5b:9b:8c:4e:0e:c2:90:
                    22:5c:31:18:20:28:87:dc:3d:18:53:03:51:20:c1:
                    b7:c9:60:27:0b:9c:b3:76:4b:73:43:ed:6e:5e:38:
                    7a:39:d0:83:44:63:82:d6:9c:a4:4c:c1:7c:f4:45:
                    87:b3:60:e1:2e:fe:8d:63:c1:79:56:ec:7a:76:e8:
                    fe:af:65:1a:38:2d:81:07:d2:bb:15:52:f0:08:bf:
                    51:44:dd:d9:62:68:f0:cf:5b:9d:35:2e:8b:b8:52:
                    ae:c5:9e:6f:2b:be:c8:2c:b7:b4:0a:48:a3:0e:dd:
                    6b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:B3:5B:34:24:0A:4B:08:A4:8E:C6:78:08:0E:65:D3:B0:07:76:CA
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c5:86:41:2f:79:41:2d:f4:19:fa:ec:23:de:bc:fd:68:69:
         03:02:5b:95:60:b0:db:65:89:8b:f9:e9:57:7c:88:85:cf:91:
         2b:56:08:33:64:50:50:9f:16:a5:dd:b6:81:dc:b3:80:59:ba:
         30:0c:c6:88:75:49:68:2c:64:19:29:01:e8:bf:35:31:d8:dd:
         dd:e3:4b:28:81:60:53:74:ed:c3:ae:4a:f0:5f:70:cb:11:f4:
         9e:4f:d7:02:3e:79:6d:60:3c:15:a5:a5:4a:bc:1f:84:e7:50:
         ca:52:85:80:e9:75:5c:53:af:55:18:72:58:d0:3d:49:be:5b:
         0a:3b:24:e8:b4:79:2a:f8:7a:4d:17:2e:97:a8:1e:76:12:34:
         21:82:c4:3e:22:a5:fd:f3:1c:9a:ab:4d:88:a2:1f:c2:d9:f3:
         cd:0f:13:ff:ad:b9:0e:40:9f:1e:6a:fb:fc:76:57:70:08:24:
         9c:23:76:0c:6b:16:71:9b:b5:44:f1:8d:e8:15:57:b1:3e:ee:
         1e:a9:16:c6:51:8f:79:95:f3:24:31:a6:7f:65:b0:da:0e:94:
         94:3e:79:57:5f:fa:ab:7e:37:84:07:f6:a1:be:e4:f2:4b:ff:
         83:80:10:3d:61:e7:58:f0:b7:47:e7:61:cf:cd:ef:55:58:df:
         79:35:15:4f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVkrZVmB+q8dyLd7eNad6qvbWh54wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDRaFw0yNjAxMjQxMzQ0MDRaMDMxMTAvBgNV
BAMTKDMwQjM1QjM0MjQwQTRCMDhBNDhFQzY3ODA4MEU2NUQzQjAwNzc2Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMwzTIWVUajqYABvLu2Zx6q0wL
6RThyO+V0r1dSKnr1J+i19tuy1XoxD/nHSXWgHzfnW0BZcCbDT4F/41mgoBiW9bx
EYfxNSF+5tjbvkLBRyUda64mPV0TUMD0WDqGk6FoLP41qfCXJ/a+57txdDfP744p
Yk9Y40u0hbJOWyjQLFS8gvwywi0MrO4EoMVAW5uMTg7CkCJcMRggKIfcPRhTA1Eg
wbfJYCcLnLN2S3ND7W5eOHo50INEY4LWnKRMwXz0RYezYOEu/o1jwXlW7Hp26P6v
ZRo4LYEH0rsVUvAIv1FE3dliaPDPW501Lou4Uq7Fnm8rvsgst7QKSKMO3WttAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMLNbNCQKSwikjsZ4CA5l07AHdsowHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzEzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3q
1TANBgkqhkiG9w0BAQsFAAOCAQEALsWGQS95QS30GfrsI968/WhpAwJblWCw22WJ
i/npV3yIhc+RK1YIM2RQUJ8Wpd22gdyzgFm6MAzGiHVJaCxkGSkB6L81Mdjd3eNL
KIFgU3Ttw65K8F9wyxH0nk/XAj55bWA8FaWlSrwfhOdQylKFgOl1XFOvVRhyWNA9
Sb5bCjsk6LR5Kvh6TRcul6gedhI0IYLEPiKl/fMcmqtNiKIfwtnzzQ8T/625DkCf
Hmr7/HZXcAgknCN2DGsWcZu1RPGN6BVXsT7uHqkWxlGPeZXzJDGmf2Ww2g6UlD55
V1/6q343hAf2ob7k8kv/g4AQPWHnWPC3R+dhz83vVVjfeTUVTw==
-----END CERTIFICATE-----